Complete DHS Report for
June 10, 2015
Daily Report
Top Stories
· Pacific
Gas & Electric Co., officials reported that at least 65,000 homes and
businesses lost power across the San Francisco Bay Area for over 3 hours June
8-9 in heat-related outages. – San Francisco Chronicle
1. June 9,
San Francisco Chronicle – (California) Power outages hit 65,000
in Bay Area, slow BART. Pacific Gas & Electric Co., officials reported
that at least 65,000 homes and businesses lost power across the San Francisco
Bay Area for over 3 hours June 8 – 9 in heat-related outages, including an East
Bay blackout reportedly caused by a squirrel in an El Cerrito substation that
knocked power out to 45,000 customers and the Downtown Berkeley Bay Area Rapid
Transit (BART) station. The heat also affected BART service on the Daly City
line. Source: http://www.sfgate.com/bayarea/article/Power-outages-hit-thousands-in-San-Jose-East-Bay-6314969.php
· The U.S.
Department of Agriculture reported June 8 that liquid, dried, and frozen egg
products will be imported from the Netherlands due to a shortage caused by the
spread of the avian flu. – KCCI 8 Des Moines
11. June
8, KCCI 8 Des Moines – (Iowa) New bird flu cases emerge; U.S. to
import egg products from Netherlands. The U.S. Department of Agriculture
reported June 8 that egg products such as liquid, dried, and frozen eggs will be
imported from the Netherlands due to a shortage caused by the spread of avian
flu. Source: http://www.kcci.com/news/new-bird-flu-cases-emerge-us-to-import-egg-products-from-netherlands/33474372
·
Crews are working to install a temporary water line to service 250 Logan
County, Colorado residents that have been without running water due to a main
break during the week of June 1. – KUSA 9 Denver (See item 13)
13. June
8, KUSA 9 Denver – (Colorado) Colo. town without water for more
than a week. Crews are working to install a temporary line to get water
running for 250 residents of Logan County that have had no access to running
water service since a water main beak occurred the week of June 1. The
temporary line is expected to be finished by the week of June 15 and a
permanent solution will take several months, leaving residents to rely on
drinking water from Red Cross and nearby towns. Source: http://www.9news.com/story/news/local/2015/06/08/ne-colorado-town-of-iliff-without-water-for-more-than-a-week/28706837/
· The
White House Office of Management and Budget issued the HTTPS-Only Standard
directive June 8, requiring all public Federal Web sites to switch to HTTPS
connections by December 31, 2016. – White House Office of Management and
Budget See
item 27 below in the Information Technology Sector
Financial Services Sector
4. June 9,
Bay Area News Group – (National) RPM Mortgage fined $20 million
over loan scheme. The U.S. Consumer Financial Protection Bureau issued $20
million in fines June 8 to RPM Mortgage and the company’s CEO following
allegations that he paid employees bonuses to place clients in loans with
higher interest rates from 2011 – 2013. RPM Mortgage agreed to settle the
allegations without admitting wrongdoing. Source: http://www.santacruzsentinel.com/business/20150608/rpm-mortgage-fined-20-million-over-loan-scheme
For another story, see item 26 below
in the Information Technology Sector
Information Technology Sector
23. June 9, BBC – (International) Cyber-thieves
cash in from malware. Security researchers at Trustwave reported that
cyber-thieves can earn almost 1,500 percent potential profit from ransomware
kits by spending approximately $5,900 on kits that could earn about $90,000 a
month in an attack campaign via a compromised Web site. Source: http://www.bbc.com/news/technology-33048949
24. June 9, Softpedia – (International) HDD
firmware altering modules from Equation Group may exist for Apple devices. Security
researchers from the Intel Corporation’s McAfee Labs analyzed samples of EquationDrug
hard-drive reprogramming modules in their May McAffee Labs Threats Report and
found indications that versions of the module exist for Apple iOS and OS X
systems, as well as Microsoft Windows. Source: http://news.softpedia.com/news/HDD-Firmware-Altering-Modules-from-Equation-Group-May-Exist-for-Apple-Devices-483763.shtml
25. June 9, Reuters – (International) High-tech
extortion attacks nearly doubled in first quarter, report says. Findings
from the Intel Corporation’s May McAfee Labs Threats Report revealed that
high-tech extortion schemes via ransomware surged by 165 percent to 700,000
samples in the first quarter of 2015, and that Adobe Flash malware increased by
317 percent to 200,000 samples. Source: http://www.reuters.com/article/2015/06/09/us-cybersecurity-ransomware-idUSKBN0OP09P20150609
26. June 8, SC Magazine – (International) Vawtrak
banking malware found to use Tor2Web. Security researchers from Fortinet
reported that the Vawtrak banking malware, also known as Neverquest, is using
Tor2Web as a method to steal banking credentials undetected by accessing Tor
anonymous network sources without directly connecting to the network or using a
Tor client. The malware typically used fixed command-and-control (C&C)
servers, which are easier to trace. Source: http://www.scmagazine.com/fortinet-posts-new-vawtrak-blog-post/article/419355/
27. June 8, White House Office of Management and Budget –
(International) HTTPS-everywhere for government. The White House Office
of Management and Budget issued the HTTPS-Only Standard directive June 8,
requiring that all publicly accessible Federal Web sites and Web services only
provide service through Hyper Text Transfer Protocol Secure (HTTPS) connections
by December 31, 2016. The U.S. Chief Information Officer set up a Web site to
provide technical assistance and best-practices for migration as well as a
public dashboard to monitor progress. Source: https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government
For additional stories,
see item 2 below from the Energy Sector, item 15 from the Healthcare
and Public Health Sector and item 18 below from the Government Facilities
Sector
2. June 8, Securityweek – (International) XZERES
fixes CSRF vulnerability in small wind turbine. XZERES Wind released a
patch to address a cross-site request forgery (CSRF) vulnerability in its 442SR
wind turbine web-based interface in which a remote attacker could hijack user
sessions and cause a loss of power for all attached systems. Source: http://www.securityweek.com/xzeres-fixes-csrf-vulnerability-small-wind-turbine
15. June 8, Threatpost – (National) Many drug
pumps open to variety of security flaws. A security researcher revealed
severe vulnerabilities in several drug-infusion pumps manufactured by Hospira,
including the Plum A+, PCA LifeCare, and Symbiq pumps, which run the same
software as the known-susceptible PCA3 and PCA5 pumps. An unauthenticated
remote root shell and hard-coded local credentials are among the
vulnerabilities which leave the devices open to security risks. Source: https://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113202
18. June 8, Securityweek – (National) US Army
website hacked: officials. The U.S. Army’s official Web site was shut down
June 8 after hackers claiming to be affiliated with the “Syrian Electronic
Army” posted messages denouncing U.S. training of rebel fighters in Syria. No
classified or personal data was housed on the Web site, and officials reported
that no data was stolen. Source: http://www.securityweek.com/us-army-website-hacked-officials
Communications Sector
See item 24 above in the Information Technology Sector